Snort IDS tips for VARs a

IDS Snort rules: Bleeding Edge Threats rules

Matt Jonkman and James Ashton founded Bleeding Edge Threats (BET) (previously Bleeding Edge Snort) in 2003 as a focal point for a variety of projects related to intrusion detection. BET's most popular set of rules is BSD licensed and requires no registration. There are other rules available, too.

I recommend using both Sourcefire VRT rules and BET rules on sensors. Sourcefire VRT rules are backed by a professional rule development team with millions of dollars of testing equipment at its disposal and specialized tools for signature generation, so they tend to be solid and well-tested. BET releases rules almost immediately upon discovery of a network-based attack, so they can be rough around the edges and less tested. I have found many interesting network activities only using BET rules, however.


About the author
Richard Bejtlich is founder of TaoSecurity, author of several books on network security monitoring, including Extrusion Detection: Security Monitoring for Internal Intrusions, and operator of the TaoSecurity blog.

This was first published in April 2007
